Appendix
Troubleshooting
Issue | Error Message | Remediation |
---|---|---|
KMIP auto-registration is not enabled | The following error message is displayed in the CipherTrust Manager Records: "errorMessage": "Unregistered client, please register a new client from CLI or API or UI." | Check whether the Auto registration option is selected in Admin Settings > System Interfaces > kmip. If it is not selected, turn on the Auto registration option. Refer to Configuration steps for CipherTrust Manager using the GUI or ksctl. |
User corresponding to OU/UID has not been created | The following error messages are displayed in the CipherTrust Manager Records: "errorMessage": "username not found: <username>" and "errorMessage": "Could not authenticate certificate user, hence client is not auto registered in mode tls-cert-pw-opt" | Check whether the user corresponding to the UID/OU of the node certificates has been created in Keys & Access Management > Users. If the user does not exist, create a new user with the same name as the OU/UID field of the node certificates. Refer to Configuration steps for CipherTrust Manager using the GUI or ksctl. After creating the user, add it to the Key Users group. |
User has not been added to the Key Users group | The following error message is displayed in the CipherTrust Manager Records: "errorMessage": "authorization denied: verdict was deny: CreateKey" | Check whether the user corresponding to the OU/UID field of node certificates has been added to the Key Users group in the GUI at Keys & Access Management > Users > If the user is not added, add it to the Key Users group. Refer to Configuration steps for CipherTrust Manager using the GUI or ksctl. |
The Username Location in Certificate has been set incorrectly | The following error messages are displayed in the CipherTrust Manager Records: "errorMessage": "username not found: <username>" and "errorMessage": "Could not authenticate certificate user, hence client is not auto registered in mode tls-cert-pw-opt" | Check whether the Username Location in the Certificate option is set correctly to OU/UID in Admin Settings > System > Interfaces > kmip. If it is incorrect, set the correct value for Username Location in the Certificate. Refer to Configuration steps for CipherTrust Manager using the GUI or ksctl. |
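
The "username not found" rows above both depend on the OU/UID value actually present in the node certificate. The following check is an added example, not part of this guide or of CipherTrust Manager; it assumes the `openssl` CLI is installed, and the file names, subject values and user names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: compare a node certificate's OU/UID with the expected
# CipherTrust Manager user name. All names and values are constructed.

# Print one subject attribute (OU or UID) from a PEM certificate.
# RFC2253 output looks like: subject=CN=node1,UID=kmip-node,OU=kmip-node
# Limitation: values containing escaped commas are not handled.
cert_field() {
    local cert="$1" attr="$2"
    openssl x509 -noout -subject -nameopt RFC2253 -in "$cert" \
        | sed -e 's/^subject= *//' \
        | tr ',' '\n' \
        | sed -n "s/^${attr}=//p" \
        | head -n 1
}

# Return 0 if the attribute equals the expected user name, 1 otherwise.
check_username() {
    local cert="$1" attr="$2" expected="$3" actual
    actual="$(cert_field "$cert" "$attr")"
    if [ -z "$actual" ]; then
        echo "FAIL: certificate has no $attr attribute in its subject" >&2
        return 1
    fi
    if [ "$actual" != "$expected" ]; then
        echo "FAIL: $attr is '$actual', expected user '$expected'" >&2
        return 1
    fi
    echo "OK: $attr '$actual' matches the expected user"
}

# Constructed sample input: a throwaway self-signed certificate.
make_sample_cert() {
    local out="$1" subj="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$out.key" -out "$out" -subj "$subj" 2>/dev/null
}

demo_dir="$(mktemp -d)"
make_sample_cert "$demo_dir/node.crt" "/CN=node1/OU=kmip-node/UID=kmip-node"
check_username "$demo_dir/node.crt" OU kmip-node
check_username "$demo_dir/node.crt" UID kmip-node
```

Run `check_username` against the real node certificate with the attribute that matches the Username Location in Certificate setting; the value it reports is the user name that must exist in Keys & Access Management > Users.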